Policy Server GuidesPolicy Design GuideRules › Configure a Rule for Web Agent Actions

Previous Topic: Advanced Rule Options

Next Topic: Configure a Rule for Authentication Event Actions

Configure a Rule for Web Agent Actions

The following procedure describes the process for creating a rule that specifies a Web Agent action.

Note: You should also follow this procedure when configuring rules for a TransactionMinder XML Agent, while considering the additional rule actions available for that agent type. See the eTrust SOA Security Manager Operations Guide.

Note: When you create or modify a Policy Server object in the Policy Server User Interface, use ASCII characters. Object creation or modification with non-ASCII characters is not supported.

To create a Rule for Web Agent Actions

  1. Using the Policy Server User Interface, create a rule object.

    The Rule Dialog opens.

  2. Provide a Name and, optionally, a Description of the new rule.
  3. In the Realm and Resources group box, select the name of the realm from the Realm drop-down list box that includes the resources to which this rule will apply.
  4. In the Resource field, enter the Resource that this rule will protect.

    Note: When you look at rules associated with a realm in the SiteMinder Administration window, the Resource column displays the resource specified in each rule. Green text indicates a resource filter inherited from a realm or group of nested realms.

  5. Select the Perform Regular Expression Matching check box if you want the rule’s resource to use regular expressions.
  6. In the Action group box, select the Web Agent Actions radio button.
  7. In the Action group box, select one or more of the following HTTP actions from the list to the right of the radio buttons:
  8. In the Allow/Deny and Enable/Disable group box, select either the Allow Access or the Deny Access radio button.

    When an Allow Access rule fires, SiteMinder allows properly authenticated users who are associated with the policy that contains the rule to access the resource specified by the rule.

    When a Deny Access rule fires, SiteMinder denies access to properly authenticated users who are specified in the policy that contains the rule.

    Note: Deny Access rules take precedence over Allow Access rules. You can use a Deny Access rule to make sure that a user or group of users cannot access a resource, regardless of any other policies and rules that exist in your SiteMinder implementation.

  9. If you do not want the rule to be active, unset the Enabled check box.
  10. If required, set time restrictions and or active rule settings in the Advanced group box.
  11. Click Apply to save the rule, or click OK to save the rule and return to the SiteMinder Administration window.

    When you look at rules associated with a realm in the SiteMinder Administration window, the Resource column displays the resource specified in each rule. Green text indicates a resource filter inherited from a realm or group of nested realms.

More information:

Rule Dialog

Regular Expressions for Resource Matching

Policy Overview

Enable and Disable Global Rules

Advanced Rule Options